Daily Tech Digest - July 26, 2017

The challenge is constant and unrelenting, as the survey found: 80% of IT leaders are under pressure to be constantly improving their organisation’s customer experience through digital innovation, but 90% of digital projects fail to meet expectations and only deliver incremental improvements. Databases are currently a clear handicap to this improvement, as 84% have had digital projects cancelled, delayed, or reduced in scope because of the limitations of their legacy database. “Our study puts a spotlight on the harsh reality that despite allocating millions of dollars towards digital transformation projects, most companies are only seeing marginal returns and realising this trajectory won’t enable them to compete effectively in the future,” said Matt Cain, CEO of Couchbase.

There are in fact many cases of AI algorithms not being quite as smart as we might think. One infamous example of AI out of control was the Microsoft Tay chatbot, created by the Microsoft AI team last year. It took less than a day for the bot to learn to be racist. Experts say that it could happen to any AI system when bad examples are presented to it. In the case of Tay, it was manipulated by racist and other offensive language, and since it had been taught to “learn” and mirror that behavior, it soon ran out of the researchers’ control. A widely reported study conducted by researchers at Cornell University and the University of Wyoming found that it was fairly easy to fool algorithms that had been trained to identify pictures. The researchers found that when presented with what looked like “scrambled nonsense” to humans, algorithms would identify it as an everyday object like “a school bus.”

When you are talking about smart homes, the primary responsibility of a CISO is to promote the consumerization of the smart home by getting rid of the fear factor that smart home devices can affect your privacy. ... Irrespective of the IoT or IT field, the biggest challenge every security officer faces today is weighing the business value with the risks. You should be able to support the business in a way that the product can be launched quickly so that the market can be captured appropriately, but at the same time the risks should be articulated. Being able to articulate the risks in the language of business will always be a learning exercise for every security professional. Sometimes businesses will make decisions based on the risks and you should be ready to flow with it. Sometimes the decisions will be made in favor of security. Either way, security should not be a blocker to business.

The golden rules for writing security policy still apply, such as making sure the process is shared with all stakeholders who will be affected by it, using language that everyone can understand, avoiding rigid policies that might limit business growth, and ensuring the process is pragmatic by testing it out. Just because policies are intended to be evergreen doesn’t mean they can’t become stale, says Jay Heiser, research VP in security and privacy at Gartner. Particularly at the standards levels, one level below policy, guidance may need to be updated for different lines of business, or for jurisdictions that may be driven by different regulatory rules or geographic norms. Security and risk experts offer five reasons why companies should take a fresh look at security policies.

The traditional wisdom of “don’t open suspicious links or attachments” does not prevent a user clicking on an email that has been specifically designed and crafted not to be suspicious. We have also seen attacks that exploit web pages people are known to browse or access, forums they use and other aspects of what could be described as “normal use of corporate and personal IT systems”. This extends to the use of cloud-based applications and file storage/sharing systems, travel booking services, tech support and chat applications – not reckless or naive behaviour, just normal. ... If you assume that some users are going to fall for these scams and that not all systems are going to have patches applied, then there is a need for better controls that can filter this use/exploitation and detect/prevent the inevitable people/process/technology security failures.

Cybersecurity skills are especially important when it comes to security analytics and operations. It takes highly experienced professionals to investigate security incidents, synthesize threat intelligence, or perform proactive hunting exercises. Unfortunately, this skill set is particularly lacking. In a recently published ESG research report, Cybersecurity Analytics and Operations in Transition, 412 cybersecurity and IT professionals were asked about the size and skill set of their organization’s cybersecurity team. As it turns out, 54 percent of survey respondents said the skill level for cybersecurity analytics and operations was inappropriate for an organization of their size, and 57 percent said the staff size for cybersecurity analytics and operations was inappropriate for an organization of their size.

A new survey conducted by the cloud infrastructure company Stratoscale finds that C-level executives define hybrid cloud slightly differently than IT specialists. When asked, "What does hybrid cloud mean to you?" the plurality of executives (44 percent) said it means that different workloads belong in different environments. Another 33 percent said it means the ability to move workloads between private and public cloud. By comparison, IT specialists were effectively split between the two answers (39 percent and 38 percent, respectively). Additionally, the survey suggests that executives experience a shift in their perception of "hybrid cloud" as their company's cloud adoption level increases. In enterprises with adoption levels below 20 percent, hybrid is most often defined as the ability to move workloads between private and public cloud.

Despite improving slightly, healthcare organizations have to stay on top of keeping their security measures in check. Organizations “that feel they are in a good place with their security program are the ones that do an annual external risk assessment,” Hall said. It’s crucial to conduct such assessments on a yearly basis, Hall noted, because of the evolving nature of cyberattacks. Rather than being reactive about their security efforts, hospitals must strive to be proactive when it comes to protecting their valuable data. And the data is indeed precious — gaining access to protected health information means big money for hackers. “Healthcare data is both accidental and intentional targets of attacks,” Beth Musumeci, vice president of cybersecurity for GE Healthcare, said.

On one hand, you have the expense and capital investment of operating your own data centers, but without the complete control of your data and processes that is one of the key benefits of on-premise technology stacks. On the other hand, you’ll have to deal with the complexity and potential of working with third-party cloud providers, without gaining much of the cloud’s promised benefit of freeing your team to focus on innovation instead of infrastructure. ... Companies that really want to move to the cloud would be well served to move as much as possible—if not all—of their data center activities to the cloud as soon as practical. But, if for whatever reason they’re not ready to fully commit to the public cloud for the next few years, there’s a strong argument for doubling down on running their own data centers, and using the cloud only for simple, completely separate applications.

The automated approach could prove important to everyday medical treatment by making the diagnosis of potentially deadly heartbeat irregularities more reliable. It could also make quality care more readily available in areas where resources are scarce. The work is also just the latest sign of how machine learning seems likely to revolutionize medicine. In recent years, researchers have shown that machine-learning techniques can be used to spot all sorts of ailments, including, for example, breast cancer, skin cancer, and eye disease from medical images. “I've been encouraged by how quickly people are accepting the idea that deep learning can diagnose at an accuracy superior to doctors in select verticals,” Ng said via e-mail. He adds that it’s encouraging to see researchers looking beyond imaging to other forms of data such as ECG.

Quote for the day:

"Don't be buffaloed by experts and elites. Experts often possess more data than judgement." -- Colin Powell